Date: Tue, 19 Sep 1995 17:30:19 +1000 From: Bruce Evans <bde@zeta.org.au> To: julian@ref.tfs.com, terry@lambert.org Cc: hackers@FreeBSD.ORG Subject: Re: suspect code in 'unlink' syscall. Message-ID: <199509190730.RAA30694@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>> looking at 'unlink (2)'
>> I see,
>> if (vp->v_type != VDIR ||
>> (error = suser(p->p_ucred, &p->p_acflag)) == 0) {
>Invert the test. I made this mod some time ago:
> if( ( error = suser(p->p_ucred, &p->p_acflag)) == 0 ||
> vp->v_type != VDIR) {
>This way, the error code will be set to EPERM if you are not root and the
>followon code will not be executed.
This way, the error code is bogusly set for non-root, so that only root
can unlink anything. Also, root is bogusly recorded as having used the
superuser privilege to unlink non-directories. Also, the formatting is
messed up.
You may have added some gotos to avoid the first bug.
Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509190730.RAA30694>